8.8
CVE-2025-68623 - Privilege Escalation via Executable Replacement in DirectX End-User Runtime Web Installer
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLL…
8.8
CVE-2025-67034 - Authenticated OS Command Injection via SSL Credential Deletion in Lantronix EDS5000 Firmware 2.1.0.…
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
8.8
CVE-2025-67037 - Authenticated Command Injection in Lantronix EDS5000 Firmware 2.1.0.0 R3 via Tunnel Kill Parameter
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
9.1
CVE-2025-67039 - Authentication Bypass on Lantronix EDS3000PS 3.1.0.0R2 Firmware
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.
9.8
CVE-2026-30741 - Remote Code Execution via Request-Side Prompt Injection in OpenClaw Agent Platform v2026.2.6
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
9.8
CVE-2025-67035 - OS Injection Vulnerabilities in Lantronix EDS5000 SSH Client and Server Pages Allow Remote Command …
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, use…
9.8
CVE-2025-70024 - SQL Injection in Benkeen Generatedata 4.0.14
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14.
9.9
CVE-2025-66956 - Insecure Access Control in Asseco SEE Live 2.0 - Remote Retrieval and Execution of Attachments
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
9.8
CVE-2025-70082 - Arbitrary Code Execution via ltrx_evo Component in Lantronix EDS3000PS Firmware 3.1.0.0R2
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component.
9.8
CVE-2025-67038 - Root Privilege OS Command Injection via Unvalidated Username in Lantronix EDS5000 Logging
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the usernam…